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rX nr bCginS Wi * 3 remo,e user signing a password to the 

user s postage secunty account at a data center. A cryptographic key corresponding to 
fte user s postage secunty account is provided to the remote user deW and is stored 
at the data center. The password and the cryptographic key are combined at the remote 
user devce and the data center respectively to obtain a user authentication key A^ 
utotcatton algorithm is performed using the user authentication key to Sin a 
remote access message. The remote access message is sent to the data center to ini "ate 
request for access to the postage security account by the remote jgS T% 
H C T te T device 1 5 authenticated for accessing the postage security ar.c^T^n ^ 

data center verifies the remote access message. 1 
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at a data center from a remot e user device begins with a remote user assisrinT^ 
password to the user's postage security account at a dam enter. A c^ptogS'f ey 
correspondmg to the user's postage security account is provided mTS . 2 
devise and ,s stored at the data center. The password and the cryptoyaphTkey Z 
combmed at the remote user device and the data center respectivefy to obtain a u!er 
authenticate key. An authentication algorithm is performed using *e « 

ZZSTZf* ? 0btai " 3 rem ° te ^ m6SSage - T ' C remote aSmS ag U e S 
sent to the data center to inmate request for access to the postage security account by 
the remote user device . The remote user device is authentiied fhr Z^T& 
postage secunty accoun t when the data cente r venhes the remote access message 

Brief Summary Text - BSTX (4): Postage metering systems have been developed which 
employ encrypted information ,h a , ic r j med on a mai , w , c ^ J ' TJJJ 
evidencing postage payment. The encrypte d information includes a posmge value for 
the ma.lp.ece combmed with other postal data that relate to the mailpfece and toe 
-postage-meter-pnntmg-meindid^^^ 
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a digital token or a digital signature, authenticates and protects the integrity of 
information, including the postage value, imprinted on the mailpiece for later 
_ve r,fication of p^ge_pavment._Since_the_digital-token-incorporates-encrypted 
.n orma , on relatinj ; to the evidencing of postage payment, atoing the prinS 

of ^1 ,h T mdlC1Um V e,eC,able by St3ndard verifleation P' 0 *- E*amP'es 
4 7^7,7 f^/Sff " nd Pnnt SUch indicium «" Scribed " U.S. Pat. Nos 

P^Lnin 7 ' 537 ' 4 ' 775 ' 246 ^ 4 ' 873>645 ' ^ <° te - i 

Brief Summary Text - BSTX (5): Presently, there are two postage metering device 
types, closed system and open system. In a closed system, the sysfem functionality is 

efe^lo 3 t n° f meterm V C,iVi,y - EXampl6S ° f C '° Sed S * stem mete ™S devices also 
?nS lil V FT*' eV,denCmg deVkeS ' inClude conventional digital and amdog 
cn»^ , eCtr ° mC) P ° Stage metCrS Wherein a dedicated Pinter is secured 
<Zlf Tf m ! aCC0Un,ing filnCti0n - In a closed s y*em, typically the printer is 
secure y coupled and dedicated to me meter, and printing evidence of postage canno 
take place without accounting for the evidence of postage. In an open syftemTe 

mullein dCdiCa,ed 10 ^ metering aCtivit y> freein * W ft.nct Kj for 
multiple and d.verse uses m addition to the metering activity. Examples of open svstem 
metering dev.ces include persona, computer (PC) based devices U sZ 
mu t.-taskmg operat.ng systems, multi-user applications and digital printers An open 
system metering device is a postage evidencing device with a non-dedLed primer Tat 
is no, securely coupled to a secure accounting modu.e . An open system ndknZ 

in T 5£Sr??r d Pr r mer " ^^^^Tc.uding Addressee IJZZ 
in the encrypted evidence of postage printed on the mailpiece for subseauent 
venf.cat.on See U.S. Pat. Nos. 4,725,718 and 4,831,555, Lh ass gned to Ae 
assignee of the present invention. assignee to me 

ST S ^RMA e TTnN S USPS h3S PUb ' iShed draft specifications for IBIP. 
SecirpT™ J ? N „ , ASE ° INDICIA PROGRAM (IBIP) INDICIUM 

aS to In k L rOP ° Sed re< * uirem ents for a new indicium that will be 

SPJ^! being created usm 8 IBI P- The INFORMATION BASED INDIP1A 

PROGRAM POSTAL SECURITY DEVICE SPECIFICATION date^Jun 3 1996 
and rev,sed Jul. 23, 1997, ("IBIP PSD Specification") defines toe proposal 
requirements for a Postal Security Device ("PSD"), which k „ ^ w ™ 

3 f^^^^ 

™£5T™„ h" 6 " mf0nM , ,,on based " P° sta ge postmark or indicium that wUl be 
applied to mail being processed using IBIP. The INFORMATION RASFn TMnirr* 
PROGRAM HOST SYSTEM SPECIFICATION, dateTo ™ 1996 defmes ie 

SSKlaKT 3 h ° St SyStem e,emem ° f IB,P ( " [BIP " 0St SpecSon* 
IBIP includes mterfacing user, postal and vendor infrastructures, which are the svstem 

mTnTgemeNT^ H^Vr °" MA110N BASED INDl6lA ™S£f5S 
and^enh™^. * ' * 25, 1991 ' defmeS ** ge neration, distribution, use 
-and-repl a c^ent- 0 f-me-cryptograph.c-keys^-byWUSPS product/service provider 



and PSDs ("IBIP KMS Specification"). The specifications are collectively referred to 
herein as the "IBIP Specifications" . 

Brief Summary Text - BSTX (13): In conventional closed system mechanical and 
electronic postage meters a secure link is required between printing and accounting 
functions For postage meters configured with printing and accounting functions 
performed in a single, secure box, the integrity of the secure box is monitored by 
periodic inspections of the meters. More recently, digital printing postage meters 
typically include a digital printer coupled to a metering ( accounting) device which is 
referred to herein as a postal security device (PSD). Digital printing postage meters 
have removed the need for physical protection of the link by cryptographically securing 
the link between the accounting and printing mechanisms. In essence, new digital 
printing postage meters create a secure point to point communication link between the 
PSD and print head. See, for example, U.S. Pat. No. 4,802,218, issued to Christopher 
B Wright et al. and now assigned to the assignee of the present invention. An example 
of a digital printing postage meter with secure print head communication is the Personal 
Post Office.TM. manufactured by Pitney Bowes Inc. of Stamford Conn 
Brief Summary Text - BSTX (19): The present invention provides a method for 
securely controlling access to a mailer's account, which resides at a virtual meter data 
center. The present mvention comprises means to authenticate a mailer, the secure 
distribution of mailer (user) authentication keys and the use of a secure box to execute 
the authentication algorithms/The database in the virtual meter data center holds the 
mailer authentication keys in cipher text to prevent exposure of the keys in plain text 
I he keys are only decrypted when used within the secure authentication box. 

Brief Summary Text - BSTX (20): The present invention provides a method of remotely 
accessing a postage security account at a data center from a remote user device begins 
with a remote user assigning, or being assigned, a password to the user's postage 
security account at a data center. A cryptographic key corresponding to the user's 
postage security ac count is provided to the remote user d^r, and is stored at the data 
center. The password and the cryptographic key are combined at the remote user device 
and the data center respectively to obtain a user authentication key. An authentication 
algorithm is performed using the user authentication key to obtain a remote access 
message. The remote access message is sent to the data center to initiate request for 
access to the postage security account by the remote user device . The remote user 
device authenticated for accessi ng the p ostage security account when the data center 
verities the remote access message. 

Detailed Description Text - DETX (3): The accounting method for virtual postage 
metering system 10 may be a conventional prepayment or post-payment system. The 
preferred method is a prepayment method wherein each mailer is required to put a 
nMunurn amount of money into the mailer's virtual meter account. As account fiinds 

fcln LTITw'Ih 6Vel * 'I? ,' I? Charged ag3inSt Ae mailer ' s ™' A « Ornate 
accountmg method that is s u.table for a virtual postage meterin g s ystem is a r eal-time 

payment method-m-which-t he amount of a transaction is charg ed to a mailer' s 
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StirS? * Ct '° n ° CCUrS - This meth0d is referred t0 he «in as a 
tnckfc charge postage payment, because the mailer does not pay for postage for a 
n^lpjecejuntiLthe mailer -is.ready.to-print the-mailpiece: — 6 

S f o e 2' 0n Te rt xt • DETX f < 5 > : V *tual postage metering system 10 eliminates 
the need to maintain and account for tradit ional metering devices at each mailer's site 
and Provides flexibility for handhng requests from multiple origins of depTb^ch 

r i'T T P °, gC me,ermg SyStem 10 als ° P rovides value added «aVices that are 
not available with conventual meter devices, such as, real-time address hygienT 

tZtZ g H erV ' Ce 1 " nd Charge ? 0Sta S e W™*- Virtual postage metering 
system 10 provides mailer authentication by Data Center 30 to identify mailers wkh 
vahd accounts. When a mailer has been authenticated for each request for Example by 
a username password or other conventional methods, Data Center 30 LSs the 

3sr-"susr informa,ion to *■ rc 20 where - ^LT c c e ri e 
2? is fse^r ~?e are d r ,o perform cryptographic 

,nM J secure, tamper-evident, tamper-resistant and tamper-responding device 
mcluding a processor and memory, that stores encryption kevs and perfo™s 

CeCTndr ati0nS f" g ^ ^ * -cS^bLi^telvffS 
Center 30 includes several types of secure boxes, which are described below In the 

^uScyTrpSa^ Cemer 30 inClUd6S ^ — ° f ^ for 

Detailed Description Text - DETX (11): Key Management System 38 includes a 
manufacturing box (not shown) that provides top-level keys used to generate random 
numbers for seeding each of me other secure boxes. By sharing aSSnhfcte^ 
(secret and/or public), the secure boxes communicate secLly wfthnXtf SL 30 
Key Management System 38 also includes a "steel" box (not shown)That shL a 
SXJZZZ 1 "? b ° X h 44 ,0 encr yP td -vpt master token kejs for X 
™ a . tf ,ransactlons for each meter account. The steel box merges a vendor key and 
a postal key into one record in cipher text. For each meter account, Data Cen7eF30 
creates a logical ^meter, i.e. a meter record, in Database Server 36 by generaL a 
token key usmg the vendor and postal keys, initializing meter registers (ascenSng Ld 
T ter fre ; h " eSS *"» (deSCribed beIow > "* other posta ration as 



includes postal funds as well as the token keys in cipher text. Meter box 44 uses the 
he ^ C L t0 g6nerate ,0kenS ' UpdateS ^ P° stalft ^sfn the meter record Xgns 

^ updated meter record. In.this.manner.-meter-box^-performs-and-c^golsT- 
oZ 0 rr"" n 8 J° t r ^ ,ranSaC, i° n - Meter box 44 «■ *o <* -ed to vS t 

IraTactL ^ VeriflCati ° n ° f "* P ostage evidencin 8 ^ *e 

b^frh? r f i0n Te ? f ; DETX (13): Data Center 30 **> in<^es an authentication 
box 40 that shares a d.fferent secret key with the steel box to decrypt a maner 
aute.car.on key stored in cipher text in Database Server 36. AumenSn h^ S 
S^S,?^ a ' g0ritos »* <* ^rypted authenticaZ ? 

Detailed Description Text - DETX (17): In operation, Communication Server 32 
eceives a request for a meter transaction from mailer PC 20. The application softie 

Sertr r I 0 " ^ ^ "T* °* ° f te ^actJrequ T Mol 

Server 34 accesses ma.ler database 62 and meter database 60 to obtain records 
me nding the appropriate meter record 64, corresponding to th m ter accountTf fhe 
mailer imtiatrng the request. Function Server 34 communicates maU r ecords from 
mailer database 62 to authentication box 40, which then alST^nlto 
requesting die transaction. Once the mailer has been authenticated Son Serv7 3 4 
communicates the .appropriate meter record 64 to meter box 44, wh ic verifL t 

Z IT, h ^ CSS ^ fM ^ reC ° rd - Meter b °* 44 *W *e enSptedSs) 
tha tare stored w.thm meter record f* performs acmnnti fi ,^ n . J^™**\ 

g^^^ gs in meter recofemdl^li^ 

Ute requested transaction. Meter box 44 then generates data fo an ind dum an d ont 

SSLK^rl T h UP<Jated 3nd Signed record is 'hen sTm tr" 
uatabase Server 36 here it is stored as part of meter database 60. 

Detailed Description Text - DETX (21): In accordance with the preferred embodiment 

of the present mvention, an authentication protocol for the virtual 

system uses a shared secret between the Data Center 30 and^ remote PC M Tn 

ssrn^ (also referred , to herein as a » z 2 i£ 

he mailer must possess a secret key and a password. The secret key is Dreferablv 
^~ le media . ««* as a floppy diskette or dongle, so mat omy Ae 2er 
I™ r^ 6 re T ab,e mCdia 3CCess * e account. Only me maiSr knows 
SvX rlJ .I 6 " 61 ^ ^ ^ paSSWMd 316 combined 10 f °™ 'he authentiSn 
at Dat Center 30 vlTrTt" Pm0C ° l FOr «"* havi "g a mailer acToum 

WhPn .h , CentCT 30 St0res 1116 mailer ' s secret in Database Server 36 

s^rettevrStlTt iS ini,ia,iZed 46 mailerS P assword is comb n e ed Se ^ r3 ^ e 

S L a. ^dTu. Jenter ToT' 0 " T ""^ " St0red 8 " e " CrV ^ d fo ™ in ™^ 
„„! , , ,. Uata Renter 30 - F <>r subsequent communications, Data Center uses the 

So7£S° n key ' W K hereaS PC 20 genemes the a «tbemication key usta? 1 
pieces of mformanon, i.e. , the stored secret key and the user password. 
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Detailed Description Text - DETX (23): Referring now to FIG. 3, one embodiment of 
the present mvention is shown wherein the password is used as a key itself for the 
authentication pr^^^^ 



. . ^-ocviw uu-uig usci s rcmovaoie meaia" 

. ^ U ' S an authei «' ca "on key derived from the user's password. ID.sub U is the 

cTubDC i s ^ SU n^r iS ^ °f CeMer ID ' C sub U is ^ user s <* a " ngt 
Ll, ^ , f CeDter S Chal ' enge ' [C sub U - C sub DC ]K.sub.A denotes a 

seS kTic r su°h nr iK r hT'^ 86 31,(1 ** Data CeMer ' s challenge signed with * e 
key- [Csub DC IK.sub.A denotes an enrrvp ,i»n 0 f the Data Center's challenge 

Cen^ h T ^ ^ E S " bDC 1KSUbU de "° tes a " ^"T """ of the Dal 
Center s challenge using the authentication key. Authentication is assured by knowledge 
of the user s authentication key K.sub.U that is established by combining K.sub A art 
the user s password prior to any communication. 

S'SJ'centr'Tn TeX, H- ^ ^ M Step 10 °' PC 20 initiates communication 
w«h Data Center 30, sending the user's ID and the user's challenge in plain text to 

Werner ID ,h Tr? ^ ^ 30 reSp ° nds with P'*" text of the Date 

St. 7,k ID ' ^ S ChaUenge and 1,16 Data Centers ^llenge, and a 

digital signature of the user's challenge and the Data Center's challenge signed with the 

co C mhinf y -,H At St6P . H0, PC 20 Creat6S ** USer ' S authentication 8 ^ sur^y 
combining the user's password and secret key K.sub.A stored on a diskette the 
distribution of which is described be.ow. At step 115, PC 20 veriLs the di fi S 
Mire of the user's challenge and the Data Center's challenge usg ZrX 
£1 120 PC ?n * e ^n Center " Md ^ — ication termilS 

tev K P sufu!nH ^7 *" ^ Cemer ' S ChaIleDge Using ** "set's authentication 
Ceme, 1 1 tT " S ' n ^ SerrPt kPV K sub A - PC 20 sends to Data 

Cen e ',1^ 1 ^ Cemt ID ' 3nd ^ «*» ^ryptions of the Data 

m L ,h At SKP 125, Data Center 30 verif,es ** user ' s ID, the Data Center 

Protocol If Z ST ?' °r Center ' s cha » en 8 e "> «>mplete authentication 
C^ter 30 LTt ' ^ ° ,S a ' med Md 11,6 commun ication terminated. Data 

™5T USEr S authent,catI0n ke y K sub.U by combining secret key K sub A 

J2f^ ^"P 11011 Te , xt • DETX < 32 > : In a method, a virtual meter public key is 

th v m , S ' gnUP u, d ° Wnl0adS "* softw " re P ackage - The software package mclude 
the virtual meter public key. The mailer installs software into PC 20. Ihe vtoa 
postage metering system setup uses pseudorandom data (obtained from the mail's 
machine or from the mailer's keystrokes) to seed a p ocess whfch generate fl, 
authentication key. The mailer also chooses a password at this tune The mailer 
memorizes die password and the secret key is stored onto the hard d We or remoTaS 
media (diskette or dongle). At signup, the mailer's sensitive data such as credk Sd 
information and the authentication key for the authenticatio n protocol is enlvntt Sff 
d^e vrtual meter puhl.c key and uploaded to the virtua l meter data center Date CeZ 
daJ th r enSlt ! e data with virtual meter private key and securel y fores Z 
-data^A-public-key toolkit can-provide-the-tool s to enable this. y_"ores_tnis^ 



k D ey?'fcHe e „t C Sl\ TeXt " ^ Fina " y ' fa 3 fourth method fo ' distributing 



(obtained from the mailer's machine or from the mailer's keystrokes) to se^™l« 
winch generates a public/private key pair. The mailer iJ^l'SLES 
password at this time. At signnp, the mailer uploads the client public K to 

encyst SL? , Ce r 1° generat6S "* ^^^^^ 
encrypts it with the cl.ent public key, and returns it to the mailer. T he mailer decrvots 

i^mr ^ f ° r "* authenticati ° n Protocol with the client pZte £S 
splits it into the secret key and the password. The secret key is stored onto Sh%6 
drive or preferably, onto removable media (diskette or dong.e) NoHattis meL 

meter data center. A public key toolkit can provide the tools to enable this. 



ZTg cVnte^om 1 ^' A T** ***** 3 — * ™ 

at a data center from a r em ote user device, the method comprising the stSs~^F 

providing a password to a user; providing to a remote user deyfcL™^2fc key 

corre pondmg to a postage security account at a data cente r; combinTnT the pas word 

i e ^ t CryP T ai "!! C kCy 10 ° btain a user ^'hentication key; perforfnTng ^ 
authe„,, ca , 10 „ algorithm using the user authentication key to obtain aSHLE 

acceSto the no. ' rem ° ,e t0 data Center » ^t4T^ue« o 

access to the postage security account by the remnfe „ w md authenticate foe 

a C cctmIra da~^ * A ° f rem0tely aCCessil * a — ™ evidencing 

access* ^ rem0,e / ccess «° dam inter to initiate a request 
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